Internet provider subscriber communications system

ABSTRACT

A method for communicating in real-time to users of a provider of Internet access service, without requiring any installation or set-up by the user, that utilizes the unique identification information automatically provided by the user during communications for identifying the user to provide a fixed identifier which is then communicated to a redirecting device. Messages may then be selectively transmitted to the user. The system is normally transparent to the user, with no modification of its content along the path. Content then may be modified or replaced along the path to the user. For the purposes of establishing a reliable delivery of bulletin messages from providers to their users, the system forces the delivery of specially-composed World Wide Web browser pages to the user, although it is not limited to that type of data.

BACKGROUND OF THE INVENTION 1. Field of the Invention

The invention is generally related to customer relations and managementcommunication systems and is more specifically directed to a method forthe enforced delivery of messages to customer subscribers and users ofan Internet Service or transport service provider.

2. Discussion of the Prior Art

Over the next several years in the U.S., 85 million new users will startusing the Internet and 77% of U.S. households will be connected to theWeb. Clearly, the Internet market will continue to grow in existing andaltogether new ways. The Internet is now a critical part of ourcommunications options. Innovation will continue to be a major factorassociated with the Internet as enterprising companies find new ways tooffer faster, more expanded services ranging from access, security,quality and class of services, as well as content offerings. No matterwhat these expanded services or applications turn out to be, the rapidadoption of Internet use will continue to increase and that increasewill have profound effects on the providers who support these millionsof users.

Currently, the providers that physically connect subscribers to theInternet are very limited in their ability to communicate back to theirsubscriber base. If a provider wants to communicate with customers aboutplanned outages or problems, viruses being broadcast from the subscriberPCs, billing issues, or emergency information, the provider is limitedto some very unreliable approaches such as phone calls, e-mails, orbulletins in monthly billing statements. None of these approaches offerassured timely delivery, and most require a great deal of effort withuncertain results. Today, the common method used to notify thesubscriber is to let the subscriber discover the particular problem andthen contact the provider for assistance and information. Unlike cabletelevision wherein the cable company can force “crawlers” and otherinformational communication to the viewer's television screen, theInternet service provider must rely upon the subscriber to voluntarilyand manually access the informational Web pages that relate to thesubscriber's system. The subscribers of the provider may not use orreveal other services that might have been useful such as their use ofe-mail or even their e-mail addresses. The other customer relationscommunication channel used by the provider is the accompanying flierthat is mailed with the monthly bill. These channels are unreliable andnot timely for much of the communication that the provider could utilizethat would substantially reduce the cost of supporting the subscriberbase. A simple example is enforced notification of scheduled system“down time” due to maintenance. Virtually all subscribers who arenotified of an upcoming service interruption will not place the supporttelephone calls that typically inundate the provider support facilitiesunder such circumstances.

Due to the ever growing Internet user population, a solution that couldavoid these calls would not only greatly reduce the unnecessary callvolume being placed on provider call support centers, but would alsohelp improve customer confidence, leading to better customer loyalty andretention.

Enforced delivery of messages has been available with auxiliary clientsoftware components such as enrollment and use of an “Instant Messaging”system as offered by AOL and Microsoft. Enforced delivery of messageshas also been available with auxiliary client software componentsassociated with certain provider authentication protocols. In all cases,the software becomes machine, operating system, and operating systemversion dependent, must be installed by the subscriber or user, and theinstallation must be supported by the provider. U.S. Pat. No. 6,148,332,entitled: MANDATORY MESSAGE DISPLAY AND REPORTING SYSTEM, issued to C.M. Brewer on Nov. 14, 2000 discloses a messaging system including asoftware program to be loaded on a PC that is closely linked to the PPP(“The Point-to-Point Protocol,” as defined by RFC 1661) or PPPoE (“AMethod for Transmitting PPP Over Ethernet,” as defined by RFC 2516) thatthe Internet service provider provides. Specifically, this is “LOG-ON”software that the user must have in order to initiate and maintainservice. The intent of the application is to force advertising windowson the user's screen, i.e., a mandatory display. The main components ofthis system are that the software must be loaded on the user PC, thewindow is specifically not on the Web browser, and the advertisingwindow cannot be removed without losing the connection to the Internetservice provider service. In addition to ISP support systems, it isbecoming increasingly desirable to support inter-communication between auser and a local, sub-level provider, such as an establishment ortransportation provider supplying Wi-Fi connectivity for its customersor passengers. The Wi-Fi “hotspot” market is anticipated to grow to ahalf-million within four years. Hotspot providers have no access totheir own provision channel in order to push advertisements to theirusers other than at sign-on time . . . that is, once per visit. Theoverriding problem in this phenomenon is the conflict between theexploding popularity and the lack of a way to make manage it from acost/risk aspect. Currently, there are three ways that providers attemptto gain value from the installation of a hotspot:

Charge for the service as you use it (not popular with users) but maywork for critical areas like airline clubs, captive passengers in atrain or airplane, and other public access areas, where users who reallyneed it will pay for it.

Associate a free use of the service with other products such as a DSL orcable modem home subscription.

Use the service as a way to attract customers to your store such asanticipated by chain restaurants and the like.

SUMMARY OF THE INVENTION

The subject invention specifically eliminates a requirement for anyclient software components and specifically utilizes Web page access.Automatic modification of the content of received data also can beaccomplished with other unmodified Web applications in accordance withthe invention. The invention presents a Web page as a replacement forthe user-requested page, as an interim page before the requested page,or as an additional “pop-up” browser window. Enforcement takes advantageof the near-universality of Web browser utilization and of the protocolto log successful deliveries. In accordance with the teachings of theinvention, the elimination of a client software component can create theentirety of the functionality of the system in a hardware or softwaredevice that can be distributed throughout the provider infrastructurethrough a simply installed, fail-safe network connection withoutcustomer participation in the installation process.

The architect of the invention is adopted to unobtrusively co-exist withthe current Internet transport networks, providing critical performancemonitoring and automated messaging to insure that transport networkoperators, ISPs, content providers, and the users have communicationlinks. This can include aggregation routers of typical ISPs,neighborhood connectivity at the ISP CMTS level and even hot-spots suchas Wi-Fi connections at a retail establishment level.

The method of the subject invention provides users with active screensinforming them of transport or Internet Service Provider networkproblems, thus allowing customers to know of any situation real-time andavoid overwhelming the provider's congested call-centers with costly andunnecessary trouble-report calls. In addition, users will be able tomonitor their own Internet performance and differentiate problemsbetween transport and content parties and avoid the costly inquiry callsthat would otherwise occur. The estimated payback in technical supportcall reduction alone is a matter of a couple of months with indirectcustomer satisfaction increasing the true value much more. The reductionof technical support center calls provides a very attractive payback tothe providers. In addition, other services may be offered byfacilitating localized content delivery such as emergency informationand/or advertising. Once the invention, which may be implemented as ahardware device, or as software running on a standard computer system,is merged within the provider network, additional services are providedthrough software upgrades at the provider without requiring installationat the user's site. Specifically, all of this is done within the networkwithout touching user equipment.

The subject invention allows providers to have an active vehicle withwhich to communicate to a user (or subscriber group) while the user isbrowsing the Internet. These services are manifested in a number of waysdepending on the providers' physical and logical network architecture.The methodology is addressable to all IP provider connection approachesfrom Broadband (Cable, DSL, Satellite, Fixed Wireless) to traditionaldial-up services. In addition to offering the provider a cost savingsproposition in technical support call elimination and in improvingcustomer confidence, the system of the subject invention also offers theProvider a way to directly reach users by particular demographics foremergency information and advertising purposes. Within the realm ofadvertising, the ability to tie ad content to local geographies, as wellas user demographics, will allow very specific ad content to bepresented to users. Such high quality advertising can result inincremental provider revenue as well as open up the opportunity forexpanded products that provide Internet access at a lower price becauseof advertising subsidization.

The preferred embodiment of the invention can be entirely containedwithin a hardware or software device that is connected to the providernetwork that performs the modification of the Web information deliveredto the user. The enforcement can be guaranteed with Web browser activityby the targeted user. The near-universality of Web browser utilizationby Internet users presents a near-universal enforcement of the desiredcustomer management communication from the provider to the user and on areal-time basis and confirmation of delivery is available both fromsystem logs as well as optional Web page click-through. The providercreates the special communication through the three-part definition:

1. the resolution from IP address to a customer identification byaccount number, modem MAC address or serial number, other fixedidentifier, or temporary identifier such as cookie placement to meterthe delivery frequency.

2. The policy of delivery describing the circumstances of delivery suchas time of delivery, frequency, triggering activity, and the like.

3. The associated Web page or other content to be delivered and type ofpage delivery (replacement, insert, pop-up).

The system relies upon any of several standard router mechanisms toredirect Web traffic. Some existing protocols developed for transparentWeb caching permit the installation to take place while the system isfully operational and renders it immune to device failure by supportingnormal functionality should the device fail. These protocols arepreferred but not necessary.

The system examines the source IP address of a request and, if notcached, makes a query to obtain the customer identification to check ifa policy is in force. There are different protocol options that can beutilized to obtain this relationship that may be kept in DNS (DomainName System), DHCP (“Dynamic Host Configuration Protocol,” as describedin RFC 1531), LDAP (“Lightweight Directory Access Protocol,” asdescribed in RFC 1777), or external database servers. The deviceendeavors to utilize the valid duration of these relationships to cachethe information and reduce network administrative message overhead.

When policies are not necessarily directed at specific users but,instead, to IP address-identified individuals or subnets, the deliveryprocess can proceed without user-lookup but with metering based upon theIP address alone. The use of cookies placement and cookie examination byvisible or non-visible, null-Web pages can control the metering of thedelivery to groups of users. The cookie-based metering can,additionally, include effective metering control of users who experienceIP address changes during the delivery schedule and to individual usersin a group of multiple users behind address-translating routersexhibiting a single IP address to the Internet.

When no policy is in force for a particular user or group ofsubscribers, the connection is allowed to proceed normally and theexpected Web page is displayed. If a policy is in force for that user,the policy is enforced and, as an example, the user may see a “pop-up”browser window appear containing special customer communications. Thepop-up window can request further action or utilize any of the richarray of options available in Web browsers.

In systems with many devices connected, an optional management consolecan be utilized to consolidate the numerous devices into presentingitself as a single system to the existing provider infrastructure. Thisconsolidation can reduce or eliminate administrative overhead of theexisting provider infrastructure when expanding or changing the systemof devices. The management console can also consolidate theadministrative activity of the Web redirecting devices to reduce thatoverhead.

In addition, systems that utilize alternative address managementdatabases to reconcile subscriber account identification with currentlyissued IP addresses can be used identically to the DHCP query for CableModem address within the consolidating and management device bysubstituting the alternate account identification for the Cable Modemaddress or unique subscriber ID and subsequently relaying the respectivepolicy information for that subscriber to the redirecting device upondiscovery of the associated IP address.

Alternatively, the redirecting device reflects packets back to therouter while maintaining state information about the browsing session.Once an HTTP GET message is seen and the URL and HTTL header areexamined, if it is desired to send a replacement message, theredirecting device replies directly to the user, as if it is the server,and the redirecting device sends a message to the server, as if it isthe client, that terminates the session. If the page is not to bereplaced, the redirecting device can simply continue to reflect packetsback to the router.

In a further implementation of the system, the Cable MSO is replacedwith a hotspot network. Both are Internet providers with the differencebeing one of scale, with the latter being much more appropriatelyassociated with the advertising application as opposed to theservice/support application. In a typical application of thisconfiguration, the hotspot infrastructure appears in two basic classes:

a) Hotspots independently connected directly to the Internet through afirewall using a NAT (many-to-one address translation) whereas alltraffic from users to the Internet hops onto the Internet at the site;and

b) Hotspots VPN'd in one way or another such that all users are givenaddresses of a core provider's remote network and “tunneled” back to acentral network for control.

The centrally owned instance that also tunnels all users back to acentral network can be serviced very much like that of a cable Internetprovider.

The small, directly-connected, independently installed, opportunisticprovider can be serviced by a two-terminal device that would install inthe cable between the Internet service and the hotspot NAT router andtransmitter/receiver called an Access Point (AP). Such a system requireslittle or no access to identifying the actual user either to targetadvertising as appropriate or to meter the frequency of pop-up ads toindividuals at the ISP level, while such an application is supported atthe user level, permitting the provider to communicate with each user ona one-to-one basis. Specifically, the identification of the users, whoare anonymous to the Internet traffic because they are on the other sideof the NAT, is supported by the subject invention. Users behind such aNAT can receive evenly dispatched messages that can be metered throughthe use of the placement and examination of cookies by the Webinteraction with the device through either visible or non-visible nullWeb pages that process the cookie tagging.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows the two components of the invention: the redirecting deviceand the consolidating and management device.

FIG. 2 shows the redirecting device at the network edge with the cableaccess concentrator/router and other various network components.

FIG. 3 provides a summary of how the redirecting device navigatesthrough the four critical modules.

FIG. 4 shows alternate locations on a network incorporating theredirecting device of the subject invention.

FIG. 5 shows the redirecting device as utilized on a Wi-Fi system.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

The architecture of the preferred invention is designed especially toadapt to a cable operator's IP network. Comparable components andprotocols exist in other broadband systems such as DSL and wireless, aswell as other Internet service provider transports, such as analog anddigital dial-up and private line environments, for which the scope ofthe invention is intended to include.

Internet service and transport providers provide their users with apipeline to the Internet, but are not directly involved in the contentobtained by those users. Typically, this pipeline is transparent to theuser, with no modification of its content along the path. In some cases,web caching or other performance enhancement technology may be provided,but this still strives to maintain the original content. The inventionprovides a method and apparatus whereby this content may be modified orreplaced along the path to the user. For the purposes of establishing areliable delivery of bulletin messages from providers to their users,the invention specifically forces the delivery of specially-composedWorld Wide Web browser pages to the user, although it is not limited tothat type of data. These may be displayed permanently, temporarily, orin separate pop-up browser windows, according to policies set by theprovider irrespective of the user's intended browsing destination. Theresult of this system is the ability of the provider to make use ofcommunications to users without the requirement of a special clientsoftware component to be present on the user's personal computer orother browsing device. Another benefit of the invention is itsimplementation as a hardware or software device that incorporatessimplified, fail-safe integration into the provider's infrastructure. Inaddition, due to the use of the standards of World Wide Web browsers,all the Web features, such as interactivity in the same or separatepop-up windows, become available to the provider. The policies set bythe provider can be for specific users or groups of users withidentified characteristics or activity.

Over 90% of cable television system operators in the United Statesprovide high speed (broadband) Internet access through their system withan early adoption rate of 8% in the U.S. and 5% globally.

Cable systems, upgraded to serve digital channels, can supportdata-over-cable Internet access through the industry standard, DOCSIS,which sends the Internet data inside a compatible packet in the sameform as digital TV's MPEG2. In addition to supporting MPEG2 digitaltelevision, the Internet access infrastructure is required to supportupstream data in the 5 to 45 MHz spectrum for the 2-way Internetactivity.

A variety of early adopters experimented with several schemes totransport two-way data over existing cable infrastructure, however,DOCSIS emerged as the standard. The DOCSIS 1.0, 1.1, and 2.0 RadioFrequency Interface (RFI) Specification SP-RFI-105-991105 is what themajority of US vendors and cable operators have agreed to implement. Inaddition, the industry supports an interoperability laboratory thattests and enforces compatibility complete with certification labels.

The spectrum on the cable plant allows for downstream, or forward, pathsignals that occupy the 54- to 860-MHz band, with channels spaced at thestandard 6 MHz originally designed to handle the over-the-air: NTSCvideo signals. In fact, the entire cable infrastructure retains thischannelized imprint from the over-the-air spectrum.

The upstream, or return path DOCSIS signals generally occupy from 5 to42 MHz (a spectrum not used by over-the-air television and, in fact, isthe spectrum used by “short wave” broadcast when propagated over theair). The upstream spectra can, therefore, have variable channelspacing, depending on the signal's type and format. Because of the noisyand legacy design implications, upstream signals with DOCSIS are limitedin bandwidth and, as with the Cisco CMTS (Cable Modem TerminationSystem), broken up into six upstream segments each individuallyallocated to a small neighborhood of approximately 200-300 houses. Thechoice of employing compatibility with the legacy 6 MHz channelizationpermits compatibility with other parts of the system allowing a minimalamount of disruption to the existing infrastructure when itDOCSIS-compatible Internet data access is added. In addition, much ofthe upgrades in plant and equipment required for the provisioning ofbroadband Internet access are in common with the upgrades needed toexpand service to digital television services and pay-TV which can fitfrom 4 to 12, typically 6, digital channels into each of the same 6 MHzchannels of the spectrum.

The digital channels have digital data encoded in MPEG2 frames thatinclude the DOCSIS data. The DOCSIS data can utilize an entire 6 MHzchannel or be interleaved with other services but that is not known tobe a feature that is utilized. Each frame includes a program identifier,PID, of which the DOCSIS data is allocated one: HEX 1FFE. The cablemodem searches for the channel with the DOCSIS PID when it is poweredup. The channel can be any of the system channels but is typically inthe digital channel range above 350 MHz.

Once the DOCSIS modem finds its downstream data, the dialog beginsnegotiations with the head end to determine various parameters ofoperation such as the upstream channel, the power of the modem'stransmitter, modulation technique, symbol rate, and finally thenegotiation into an encrypted communications session using X509certificates based upon a combination of data permanently installed inthe cable modem:

A serial number

A cryptographic public key

An Ethernet MAC address

The manufacturer's identification

Further system authentication integrates the registration of the modemand customer's account within the billing system. The ability tocommunicate directly with customers or groups of customers sharing acommon problem directly relieves a substantial portion of the supportburden from both transport and ISP vendors. It will also improve supportquality and customer satisfaction.

For the preferred embodiment, the simplest environment, that of abroadband cable system, is used as an example. In such a cable systemover which broadband Internet data is offered, there are two basic typesof devices in the invention as shown by FIG. 1.

Redirecting device—a device residing in the neighborhood along with thecable access concentrator. This product is intentionally located at theedge of the network, providing intelligence at the last scalable pointin the cable operators' IP network (in closest proximity to the user).The number of redirecting devices will replicate the number of accessconcentrators within the network, and the device will inter-connect toone of the access concentrator's Ethernet ports, or in a manner as tohave access to user upstream traffic. This device could be locatedanywhere in the infrastructure where access to user upstream traffic isavailable, but the closer it is located to the user, the greater thepossibility for delivering messages due to upstream service outages. Inone embodiment, the insertion of the redirecting device includes webcache control protocol, switching or redirecting mechanisms in anexisting ISP router may be utilized. In another example, the redirectingdevice is inserted in the path of web traffic from the user through anISP.

Consolidating and managing device—a device located in the cableoperator's NOC (Network Operations Center) providing data services andmanagement control to the deployed redirecting devices. This productwill be interconnected to the NOC network, which interconnects all ofthe NOC servers as well as the Internet portal.

Bulletin Services and the Benefits: The location of the bulletinservices equipment can be made optimal for solving the very set ofproblems described above. When located at each uBR/CMTS (UniversalBroadband Router, Cisco's name for its Cable Modem Termination Systemproduct line), it can survey the state of the upstream and downstreamnetwork and automatically provide high visibility of the status to thecustomer. It can deliver individual content to specified users or groupswith individually tailored policies (frequency, circumstances, pop-up,banner, front, back, etc.). It can target customers issuing packets withsignatures of virus-generated communication. And, it can determineupstream problems and assign the trouble to either the transport vendoror the Internet service provider for further action, if required, orsimply eliminate the call because of the visibility of the problem andthe subsequent reinstitution of operation.

The bulletin services clearly can eliminate service calls. Many“problems” are not problems and can be eliminated, such as providing thecustomer a pre-announcement of a scheduled maintenance downtime or aclear description of an existing, general Internet problem out of thecontrol of the local system. Problems that are quite deterministic as towhich vendor owns the responsibility can often be automaticallydetermined. Unless the entire system is totally “dead,” the trouble callcan be deflected to the responsible vendor with some helpfulinformation. Customers under the influence of a “virus” can cause thesystem a lot of trouble without the customer having visible symptoms.Real-time communications with the customer can, often automatically,enlighten that customer to the contamination and possibly issue arequired repair procedure which, if ignored, might result in thesubscription being temporarily disabled. Direct communication with theInternet access customer has been used effectively for several yearsthrough pop-ups and banners, but these have only been issued from thedestination site that was sought by the browsing customer. They havebeen used for extending the advertising viewing space and time as wellas for special information bulletins issued from that destination site.

Direct communication with the customer from the transport vendor or ISPvendor, independent of the destination sought by the customer andwithout blocking the customer's access to that destination has not beenpreviously developed and, therefore, available. However, the servicesthat directly target real-time bulletins can provide a mechanism thatforges a general-purpose facility and provide this capability.

Virtually all calls due to downtime that had been previously scheduledand announced. That could easily be a sizable portion of the installedbase.

Virtually all calls that can be automatically diagnosed as non-local,upstream Internet congestion whether assigned to a particular provideror general Internet malfunctions. Progress on the problem can bepresented in a bulletin.

Virtually all calls that are due to local infrastructure outages thatare upstream of the uBR/CMTS. These problems can be diagnosed andannounced automatically or manually to the customer. Progress in repaircan be highly visible to the customer who will get better information byviewing the real-time bulletin of the progress than holding on atelephone line.

Virus preventative cut-offs.

Problems in the first category are clearly stated to the customer asbeing supported by the carried provider. Calls to will be immediatelyre-directed to the provider. Trouble in the second category is oftenassociated with a general cable outage and usually results in a call tothe cable television repair service first. In such cases, both arere-instituted simultaneously and the appearance of a working TV is thesignal for the recovery of the cable modem. Troubles in the thirdcategory will result in an “informational” call of short duration.

This brief analysis indicates that bulletin services can eliminate mostcalls, the longest and most complicated calls, and clearly increasecustomer satisfaction. The reduction in calls affects both Level-1call-center personnel as well as Level-3 “last resort”, highly trainedpersonnel.

The Bulletin Services can reduce other network personnel overhead:

The location of the bulletin services device at the uBR/CMTS permits itto check every connection for the signature of a virus-generated “storm”that causes system-wide degradation. It is also in the position to bedirected, manually, by network personnel, to inform the customer that avirus infection is causing difficulties on his PC and that remedialaction is required. A written bulletin can include step-by-stepprocedures to remedy the problem saving a rather lengthy telephonedialog.

This capability can be extended to react to a variety of signals ofmisuse activity of the system by customers either automatically or bysimple, manual issuance of an appropriate bulletin.

The network support personnel are the most highly paid and notoriouslyoverworked. Reductions in these areas are clearly highly valuable.

Redirecting Device Environment: FIG. 2 shows the redirecting device atthe network edge with the cable access concentrator/router and othervarious network components:

Platform Specification

Hardware chassis (e.g., NEBS-compliant or standard rack mount, orstand-alone), with processor, RAM, non-volatile storage. This may beoffered as an integral hardware solution running a standard or anembedded operating system, or as a software solution running on astandard PC/UNIX/Mac workstation or other computer system.

Optional facilities for configuration, troubleshooting, and out-of-bandmanagement.

Interface to the provider infrastructure, e.g., Ethernet, SONET, and thelike.

Redirecting Device Software Block Diagram: FIG. 3 provides a summary ofhow the redirecting device navigates through the four critical modules.The HTTP engine accepts connections for pages that may need to bereplaced, parses URL, determines replacement strategy, providesreplacement pages from the policy database, and proxies to a “real”server on an as-needed basis. The management engine receives and storespolicy from the system, provides replacement policy as requested by theHTTP engine, notifies the GRE and IP layers (Generic RoutingEncapsulation, as defined by RFC 2784) of address policy (i.e.,intercept or not, lifetime and the like), and implements managementprotocol between redirecting and management devices. The address manageris notified by the GRE and/or IP when a new address is detected, andrequests address information between redirecting andmanagement/consolidating devices and will asynchronously send to thepolicy engine. When GRE is used, such as when WCCP is used to insert theredirecting device into the network, the GRE is implemented for highperformance, and examines incoming packets from the Ethernet driver. Ifthere is not any fragmentation and the source address is known and doesnot require interception, the packet can immediately be transmitted backto the router. This ensures good performance for the most likely cases.If fragmentation does exist, the packet is given to the IP layer forfurther processing and the completed packet is then given by the IPlayer back to the GRE for processing. If the IP address includes apolicy that requires further processing, the GRE header is removed andsent back to the IP stack for further processing by the HTTP engine.Alternatively, functions such as IP defragmentation and delivery ofreplacement pages can be implemented below the IP stack with improvedefficiency.

With specific reference to FIG. 3, the following should be noted:

Software Application Specification-WCCP v1 and v2, unicast andmulticast, GRE support, L2 support as it becomes available from Cisco.

Cisco-like command line interface.

SNMP (Simple Network Management Protocol) support as required.

Protection from access by consumers, e.g., filters and/or SSH (SecureShell).

Keeps policy list by IP address, as provided by Bulletin Manager

For non-intercepting IP addresses, packet is vectored back to router atwire speed For intercepting, box must proxy to real server in order tohave access to reverse traffic, or a connection to the real server canbe allowed and then later intercepted to avoid having to proxy.

Traffic modification replaces page, which can provide new content, aredirection to a different page (possibly on another server), or providea pop-up with the main page fetching the originally-requested content

Traffic modification based on schedule policy:

One-shot

Interval

Frequency-changing interval

Acknowledgement from user can modify policy

Policy loaded by Bulletin Manager

Additional Specifications: The consolidating and management device islocated in the NOC and licensed based on number of deployed deviceswithin the operating network:

Platform Specification

Same specifications as redirecting device except:

Faster CPU with additional RAM

Larger storage facility

Additional Interfaces similar to other NOC oriented hardware

Software Application Specification

Protocol between devices should be open and publishable

Front-end management console allows:

Defining redirecting devices

Obtaining status/configuration of redirecting devices

Defining policy

Loading web pages to be distributed

Back-end management:

Monitoring/upgrading redirecting devices

Integrates with customer systems, including billing

Integrates with DHCP or other address management system tocross-reference customer ID with current IP address.

Implementation Approach: Whenever a redirecting device receives a TCPSYN packet, it looks in its table to find the IP address of the source.If the address is not in the table, or is expired, it sends a request tothe address management device, along with a unique identifier for anypolicy that it has cached for that IP address (in the case of an expiredentry). Depending on configuration, it could then forward the originalpacket back to the router, or discard or delay the packet. If theaddress is unknown, it also creates an entry for the IP address with ashort expiration, so that it will not query the consolidating andmanagement device again for a little while.

The address management device then queries the address managementdatabase (e.g., DHCP) to obtain the Cable Modem address associated withthat IP address, and may also obtain the DHCP lease expiration time.Once the consolidating and management device determines the userassociated with the IP address, if a message for that user is desired,then it can send new policy information to the directing device alongwith a unique identifier for that policy. If the unique policyidentifier sent by the redirecting device indicates that the redirectingdevice already has the correct policy information available, then theconsolidating and management device does not need to re-send it; it canjust re-activate it. In addition, the DHCP lease expiration time issent, even if no message is desired. The redirecting device updates itstable so that it will not query the consolidating and management deviceagain concerning that IP address until the DHCP lease expires, or morelikely, some fraction of that time, perhaps with a limit.

Systems that utilize alternative address management databases toreconcile subscriber account identification with currently issued IPaddresses can be used identically to the DHCP query for Cable Modemaddress within the consolidating and management device by substitutingthe alternate account identification for the Cable Modem address andsubsequently relaying the respective policy information for thatsubscriber to the redirecting device upon discovery of the associated IPaddress.

The loading of the policy from the consolidating and management deviceto the redirecting device is asynchronous from the above processing,i.e., the redirecting device will simply continue to reflect packets forthe IP address until the policy information changes. Likewise, if thereis a failure in the communications between the redirecting device andconsolidating and management device, including the consolidating andmanagement device itself, then the redirecting device will simplyreflect packets back to the router.

In some cases, the consolidating and management device will send policyinformation to the redirecting device before being queried by theredirecting device. When a redirecting device initializes, it will senda packet to the consolidating and management device indicating that itis starting fresh. If the consolidating and management device knows ofpolicy information that should exist in that redirecting device, it cansend it ahead of any requests by users.

In addition, a consolidating and management device must maintain a listof addresses located at each redirecting device, so that ifconsolidating and management device is loaded with new policyinformation, it can send that policy immediately, rather than waitingfor the address lease to expire.

When a consolidating and management device sends a policy to aredirecting device, it should include the IP address, and, forneighborhood-wide messages, a mask, and the message or modification tobe performed for that address. When a redirecting device expires the IPaddress from its cache, it should also deactivate the policy, but keepthe policy available. A single policy may be applied to multiple IPaddresses.

When a redirecting device receives a connection for which it wants tosend a message, it accepts the connection as if it is the server, sothat the HTTP GET message is seen. Then, the URL and HTTP header can beexamined as required. If it is then desired to send a replacementmessage, a redirecting device creates a socket that will appear to bethe server and send the replacement page back to the user, as if it isthe server. If the page is not to be replaced, the redirecting devicewill connect to the real server and proxy the data back to the user.

Alternatively, the redirecting device reflects packets back to therouter while maintaining state information about the browsing session.Once an HTTP GET message is seen and the URL and HTTL header areexamined, if it is desired to send a replacement message, theredirecting device replies directly to the user, as if it is the server,and the redirecting device sends a message to the server, as if it isthe client, that terminates the session. If the page is not to bereplaced, the redirecting device can simply continue to reflect packetsback to the router.

Care must be exercised when sending a replacement or modified page to doso at an appropriate point in the data stream. For example, if a GET isrequesting a JPEG image, then it is not possible to substitute an HTMLdocument. Only a GET that is requesting an initial page should beallowed. This can generally be determined by examining the HTTP header.“Neighborhood” or Localized Implementation: An alternative configurationis shown in FIG. 4. In this configuration, the redirecting device may beat the aggregation router level or at the CMTS or neighborhood level. Infact, there is not any limitation to the number of redirecting devicesin the network and each level provider, at the ISP level, the routerlevel or the neighborhood level, can include an independent redirectingdevice.

In a Wi-Fi type system, as shown in FIG. 5, the redirecting device isinstalled between the provider and a router, either using direct routingor as a NAT (Network Address Translator) gateway. This permits the Wi-Fiprovider to communicate with each of the users 1-N on the system at anypoint in time, while still permitting single subscriber connectivitywith the ISP. In this configuration, the specific user can be identifiedbehind the NAT by sending a “null” message from the redirecting deviceto each user on line via the Wi-Fi, as they actively browse, and settinga cookie and examining the existence of such cookies. The examinationthen identifies each individual user. The Wi-Fi provider can then directspecific to each user on an individual or a group basis.

In the Wi-Fi application, the NAT is connected to a Wi-Fi networktypically adapted for accommodating a plurality of users. In itspreferred form the redirecting device is configured to identify each ofthe plurality of users on the Wi-Fi network. This may be accomplished bydirecting the redirecting device to send a message to all of the userson the Wi-Fi network with a request for an automatic response. Theredirecting device then identifies each of the users from the automaticresponse. This will then support the ability to send a selected one ofthe identified users.

What is claimed is:
 1. A method, comprising: accessing, by a redirectingdevice, user upstream traffic from a requested destination site;providing, by the redirecting device, a fixed identifier to aconsolidating and management device, the fixed identifier based on theaccessed user upstream traffic; creating, by the redirecting device, anentry in a table stored in the redirecting device, the entry having apredefined time expiration period during which the redirecting devicewill not query the consolidating and management device; and redirectinga message, based on the accessed user upstream traffic, to a display ona message vehicle occurring directly from the redirecting device withoutinvolvement from the destination site.
 2. The method of claim 1, whereinthe message vehicle is at least one of: a pop-up window on the usercomputer; and a prompt provided on the user computer.
 3. The method ofclaim 1, further including a step of transmitting to the user themessage vehicle for displaying and communicating the message from theconsolidating and management device to the user.
 4. The method of claim1, wherein the consolidating and management device utilizes at least oneof: a web cache control protocol; and switching mechanisms in anexisting ISP router or switch.
 5. The method of claim 1, wherein thefixed identifier is a modem address unique identifier of the user. 6.The method of claim 1, wherein the message is transmitted in response toan event determined by the redirecting device.
 7. The method of claim 1,wherein the user is identified to belong to a defined group of users andwherein the message is selectively sent to a pre-selected user group. 8.The method of claim 1, wherein the redirecting device performs at leastone of: works through Web browsers irrespective of the World Wide Webdestination sought by the user identifier; returns the user to theOriginal World Wide Web destination after the message has beentransmitted; operates with multiple types of content; comprises ahardware device that is connected at various points, in plurality, in aprovider infrastructure; comprises a software system installed on acomputer system connected at various points, singly or in plurality, ina provider infrastructure; identifies each of the plurality of users byperforming at least one of: temporarily redirecting each active user toa visible or non-visible, null-Web page that sets a cookie with therequired information to identify an action and user in the future andcapturing an identity and previous activity flagged by the set cookie;sends a selected message to a selected one of the identified users;includes an ability to acquire knowledge of policy information, receivedfrom the consolidating and management device, when a Web or otherrequest is detected with only an identifying IP address; minimizes theoverhead of acquiring user parameters through caching of the userparameters for a determined portion of time; operates in connection witha consolidating system management device for permitting a group ofsystem devices to be viewed by a provider as a single system; andprovides optional fail-safe operation of each device so failure does notdisrupt other normal browsing and Internet activity of the user butresults only in an interruption of bulletin delivery.
 9. The method ofclaim 8, further including a step of providing optional fail-safeoperation of each device such that failure does not disrupt other normalbrowsing and Internet activity of the user but results only in aninterruption of bulletin delivery.
 10. The method of claim 1, furtherincluding a step of defining a policy for at least one of: controllingthe selective transmission of messages to the user; a Web page or otherpage information; timing and frequency of delivery; and activating theredirecting device to deliver a message in response to other useractivity, wherein the activating comprises defining at least one of: adefined destination; an amount of activity by the user; and requestscarrying a signature of virus contamination.
 11. The method of claim 1,further including a step of generating a plurality of independentlydesignated policies to be delivered correctly to the user even if somepolicy events invoke in simultaneity.
 12. The method of claim 1, furthercomprising identifying the user by using data available from the userand provider infrastructure to provide the fixed identifier based on theuser upstream traffic by using an enforced delivery of a Web page to beused in distribution and subscription of new users without priorknowledge of serial numbers associated with the new user's interfaceequipment and without requiring the new users to utilize specialsoftware.
 13. The method of claim 12, further comprising at least oneof: using the enforced delivery of a Web page to reduce the volume oftelephone support requests by an enforced pre-announcement of known,future system outages due to scheduled maintenance. using the identifierfor detection of “signature” forms of Internet packets indicating apresence of undesirable content, wherein the undesirable content is avirus. transmitting a message identifying the undesirable content to atleast one of: a provider and the user. logging the undesirable contentidentifying message. enforcing the delivery of other user-beneficialinformation currently displayed on the manually accessed providerinformation Web page.
 14. The method of claim 1, further including atleast one of: detecting and logging a number of simultaneously requestedWeb connections. flagging users that are utilizing more than onesimultaneous device per subscription.
 15. The method of claim 1, furtherincluding a step of transmitting explanations to be issued, in anenforced manner, to subscribers, after a service interruption, in such amanner as to alleviate customer dissatisfaction by illuminating andexplaining a problem and efforts taken in a future time to eliminate theproblem.
 16. The method of claim 1, further including a step of loggingat least one of: successful implementation of policies to each user; andinteractive responses that have been requested within the policy. 17.The method of claim 1, further including a step of inserting at leastone of: a redirecting device in the path of web traffic from the userthrough an ISP; a redirecting device in the path of web traffic from theuser through an aggregation router; and a redirecting device in the pathof web traffic from the user through a CMTS.
 18. The method of claim 1,further including at least one of: inserting a redirecting device in thepath of web traffic between a Network Address Translator (NAT) and anISP; wherein the NAT is connected to a Wi-Fi network; wherein the Wi-Fiaccommodates a plurality of users; and wherein the redirecting device isfurther configured to identify each of the plurality of users on theWi-Fi network.
 19. A non-transitory computer readable medium comprisinginstructions that, when read by at least one processor, cause the atleast one processor to perform: accessing, by a redirecting device, userupstream traffic from a requested destination site; providing, by theredirecting device, a fixed identifier to a consolidating and managementdevice, the fixed identifier based on the accessed user upstreamtraffic; creating, by the redirecting device, an entry in a table storedin the redirecting device, the entry having a predefined time expirationperiod during which the redirecting device will not query theconsolidating and management device; and redirecting a message, based onthe accessed user upstream traffic, to a display on a message vehicleoccurring directly from the redirecting device without involvement fromthe destination site.
 20. A system, comprising: a redirecting device;and a consolidating and management device; wherein the redirectingdevice: accesses user upstream traffic from a requested destinationsite; provides a fixed identifier to the consolidating and managementdevice, the fixed identifier based on the accessed user upstreamtraffic; creates an entry in a table stored in the redirecting device,wherein the entry has a predefined time expiration period when theredirecting device will not query the consolidating and managementdevice; and redirects a message, based on the accessed user upstreamtraffic, to a display on a message vehicle that occurs directly from theredirecting device without involvement from the destination site.